#coding:utf-8
'''
* coder  : dzlua
* email  : 505544956@qq.com
* module : api-frame
* path   : app
* file   : auth.py
* time   : 2017-11-08 10:06:38
'''
#--------------------#
from flask import g
#----------#
from app.mgr import auth
from app.models.user import User
from app.models.auth import Token
#----------#
from app.utils.response import makeResponse, R401_UNAUTHORIZED
#--------------------#

#--------------------#
@auth.verify_password
def verify_password(username, password):
    g.user = None
    user = User.get(username=username)
    if not user:
        return False
    if not auth.check_password(user.password, password):
        return False
    g.user = user
    return True
#----------#
@auth.verify_refresh_token
def verify_rftoken(token):
    data = auth.refresh_token_data(token)
    if not auth.has_key(data, 'user_id'):
        return False
    #
    user = User.get(id=data['user_id'])
    if not user:
        return False
    g.user = user
    g.data = data
    return True
#----------#
@auth.verify_access_token
def verify_atoken(token):
    data = auth.access_token_data(token)
    if not auth.has_key(data, 'user_id'):
        return False
    #
    user = User.get(id=data['user_id'])
    if not user:
        return False
    g.user = user
    g.data = data
    return True
#----------#
@auth.verify_user_token
def verify_user_token(token):
    data = auth.user_token_data(token)
    if not auth.has_keys(data, ['user_id', 'type']):
        return False
    #
    user = User.get(id=data['user_id'])
    if not user:
        return False
    g.user = user
    g.data = data
    return True
#--------------------#

#--------------------#
@auth.set_save_token
def save_token(tdata):
    user_id = tdata['data']['user_id']
    token = Token.get(user_id=user_id)
    if token:
        if tdata['type'] == 'refresh_token':
            token.refresh_token = tdata['token']
        elif tdata['type'] == 'access_token':
            token.access_token = tdata['token']
        elif tdata['type'] == 'user_token':
            data = tdata['data']
            if not auth.has_key(data, 'type'):
                return False
            if data['type'] == 'email':
                token.email_token = tdata['token']
            elif data['type'] == 'phone':
                token.phone_token = tdata['token']
            else:
                return False
        else:
            return False
        token.update()
    else:
        if tdata['type'] == 'refresh_token':
            Token.add(
                user_id=user_id,
                refresh_token=tdata['token'])
        elif tdata['type'] == 'access_token':
            Token.add(
                user_id=user_id,
                access_token=tdata['token'])
        elif tdata['type'] == 'user_token':
            data = tdata['data']
            if not auth.has_key(data, 'type'):
                return False
            if data['type'] == 'email':
                Token.add(
                    user_id=user_id,
                    email_token=tdata['token'])
            elif data['type'] == 'phone':
                Token.add(
                    user_id=user_id,
                    phone_token=tdata['token'])
            else:
                return False
        else:
            return False
    return True
#----------#
@auth.set_get_token
def get_token(tdata):
    user_id = tdata['data']['user_id']
    token = Token.get(user_id=user_id)
    if not token:
        return None
    if tdata['type'] == 'refresh_token':
        return token.refresh_token
    elif tdata['type'] == 'access_token':
        return token.access_token
    elif tdata['type'] == 'user_token':
        data = tdata['data']
        if not auth.has_key(data, 'type'):
            return None
        if data['type'] == 'email':
            return token.email_token
        elif data['type'] == 'phone':
            return token.phone_token
    return None
#--------------------#

#--------------------#
@auth.error_handler_login
@auth.error_handler_access_token
@auth.error_handler_refresh_token
@auth.error_handler_user_token
def error_handler():
    return makeResponse(R401_UNAUTHORIZED, jsonify=True)
#--------------------#
